It was thus said that the Great Markus Mayer once stated: > > Hi all, > > I have a problem at the moment which has certainly been solved elsewhere, > however I don't find an answer using google.
[ ... ] > If, for example, user143 comes in using ftp and knows that inside group86 > there is a document called group86/authorised/secure_document.pdf, they can > get to that document even if there is a .htaccess file in authorised > protecting access through apache. This applies to all other users too. Of > course this is unacceptable. This is really an FTP problem, not an Apache problem. You'll need to see if you can configure your FTP server to restrict user access to just their own directory. I know ProFTPd can do this (since I use ProFTPd in this capacity) and I think it can also do LDAP authentication (don't know for sure, since I don't use LDAP for authentication). ProFTPd's configuration file has a similar feel to Apache's so it should be pretty easy to work with if you are used to Apache. You can check it out at <http://www.proftpd.org/>. -spc (In fact, I use the same .htpasswd file for both Apache and ProFTPd for some of my sites ... ) --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
